Neatly managing and handling PGP/GnuPG keyrings

GUI Key Management

If graphical programs appeal more to you than tools for the command line, you should take a look at Seahorse (Gnome) [18] or KGpg (KDE) [19], as well as the GNU Privacy Assistant (GPA) [20].

You can manage certificates (Figures 4 and 5), as well as GnuPG and SSH keys, with the compact Seahorse application. It is integrated within the Ubuntu and Gnome desktops. To keep your local GnuPG keyring up to date, Seahorse can synchronize the available keys with the key server network on request with the Remote | Match and share keys menu item.

Figure 4: Seahorse delivers an overview of keys and signatures.
Figure 5: Seahorse presents the details of a GnuPG or SSH key on request.

At first sight, GPA appears more comprehensive than Seahorse, but it concentrates on GnuPG key management (Figure 6). In GPA, for example, you can add keys, modify and sign them, or match your keyring with the key server network.

Figure 6: The GPA keeps all your keys in sight.
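
What an up-to-date keyring means can also be checked without a GUI. The following is an added example, not code from the article or from the GnuPG project: it parses the machine-readable listing produced by `gpg --list-keys --with-colons` and reports primary keys that are revoked, expired, or about to expire. The sample listing, the function names, and the 30-day warning threshold are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Constructed sample in the `gpg --list-keys --with-colons` layout (GnuPG 2.x);
# key IDs, hashes and user IDs are made up.
SAMPLE_LISTING = """\
pub:u:4096:1:AAAAAAAAAAAAAAA1:1420070400:::u:::scESC:
uid:u::::1420070400::H1::Alice Example <alice@example.org>:
sub:u:4096:1:BBBBBBBBBBBBBBB1:1420070400::::::e:
pub:e:2048:1:AAAAAAAAAAAAAAA2:1388534400:1451606400::-:::sc:
uid:e::::1388534400::H2::Bob Example <bob@example.org>:
pub:r:2048:1:AAAAAAAAAAAAAAA3:1388534400:::-:::sc:
uid:r::::1388534400::H3::Carol Example <carol@example.org>:
pub:f:4096:1:AAAAAAAAAAAAAAA4:1420070400:1484006400::-:::scESC:
uid:f::::1420070400::H4::Dave Example <dave@example.org>:
"""

def classify(validity, expires, now, warn_days):
    """Map a pub record's validity flag and expiry field to a status, or None."""
    if validity == "r":
        return "revoked"
    # Field 7 holds the expiry as seconds since the epoch; empty means no expiry.
    exp = datetime.fromtimestamp(int(expires), timezone.utc) if expires.isdigit() else None
    if validity == "e" or (exp and exp <= now):
        return "expired"
    if exp and (exp - now).days < warn_days:
        return f"expires in {(exp - now).days} days"
    return None

def audit_keyring(listing, now, warn_days=30):
    """Return (key_id, user_id, status) for primary keys that need attention."""
    findings, current = [], None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) >= 7:
            current = [f[4], "", classify(f[1], f[6], now, warn_days)]
            if current[2]:
                findings.append(current)
        elif f[0] == "uid" and current and not current[1] and len(f) >= 10:
            current[1] = f[9]  # first user ID after the pub record
    return [tuple(entry) for entry in findings]

if __name__ == "__main__":
    for key_id, uid, status in audit_keyring(SAMPLE_LISTING, datetime(2017, 1, 1, tzinfo=timezone.utc)):
        print(f"{key_id}  {status:<20} {uid}")
```

To audit a real keyring, pass the text output of `gpg --list-keys --with-colons` as `listing` and the current UTC time as `now`.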

Conclusion

With GnuPG and its graphical front ends, keeping your keyring up to date takes little effort. For more information, I recommend the GnuPG wiki [21] and an article on OpenPGP best practices [22]. The question of where and how to store private keys and their related files securely remains unanswered at this point.

Note of Thanks

The author thanks Sebastian Andres, Wolfram Eifler, Sven Guckes, Gerold Rupprecht, and Martin Ebnother for their suggestions and criticism before the publication of this article.

Infos

  1. "PGP with GnuPG" by Martin Loschwitz, Ubuntu User, issue 24, 2015, pg. 56: http://www.ubuntu-user.com/Magazine/Archive/2015/24/Reliably-encrypting-emails-using-GnuPG
  2. Key signing party: https://en.wikipedia.org/wiki/Key_signing_party
  3. Monkeysign: http://web.monkeysphere.info/monkeysign/
  4. "Submitting your GPG key to a keyserver": https://debian-administration.org/article/451/Submitting_your_GPG_key_to_a_keyserver
  5. GnuPG: https://www.gnupg.org
  6. GPG options: https://www.gnupg.org/documentation/manuals/gnupg/GPG-Options.html
  7. Key servers: https://sks-keyservers.net/status/
  8. GnuPG server pools: https://sks-keyservers.net/overview-of-pools.php
  9. "Creating a new GPG key with subkeys": https://www.void.gr/kargig/blog/2013/12/02/creating-a-new-gpg-key-with-subkeys/
  10. Sending encrypted emails using Thunderbird and PGP: http://www.wefightcensorship.org/article/sending-encrypted-emails-using-thunderbird-and-pgphtml.html
  11. Mutt and GnuPG: https://dev.mutt.org/trac/wiki/MuttGuide/UseGPG
  12. The difference between electronic signatures and digital signatures: https://www.globalsign.com/en/blog/electronic-signatures-vs-digital-signatures/
  13. "A Brief Guide to Using Electronic Signatures in Securities Transactions" by Margo H. K. Tank, Sara E. Emley, and R. David Whitaker: http://www.buckleysandler.com/uploads/1082/doc/A-Brief-Guide-to-Using-Electronic-Signatures-in-Securities-Transactions.pdf
  14. X.509 certificates: https://en.wikipedia.org/wiki/X.509
  15. Enigmail (DEB): https://packages.debian.org/jessie/enigmail
  16. Setting up OpenPGP encryption in Thunderbird/Icedove: https://wiki.debian.org/Icedove#Setting_up_OpenPGP_Encryption
  17. The GNU Privacy Handbook, Chapter 3, Key Management: https://www.gnupg.org/gph/en/manual/c235.html
  18. Seahorse: https://wiki.gnome.org/Apps/Seahorse
  19. KGpg: https://utils.kde.org/projects/kgpg/
  20. GNU Privacy Assistant: https://www.gnupg.org/related_software/gpa/index.html
  21. GnuPG wiki: https://wiki.gnupg.org
  22. OpenPGP best practices: https://help.riseup.net/en/security/message-security/openpgp/best-practices

The Author

Frank Hofmann (http://www.efho.de) works in Berlin as a service provider at Büro 2.0, an open source experts' network specializing in printing and typesetting. Since 2008, he has coordinated the regional meeting of LUGs from the Berlin-Brandenburg Region and is co-author of the Debian-Paketmanagement-Buch (Debian Package Management Book, http://www.dpmb.org).
